最近給暢言加上了單點登錄,也就是可以用網站的帳號來在暢言上發射評論。暢言會通過你設置的一個接口來獲得用戶名,頭像等。但是我發現隊友暢言會頻繁請求這個接口,有時候會達到單個用戶一秒鐘好幾次??
雖然在php層有redis,壓力不會很大,但是這樣頻繁的請求還是會中防CC的策略,影響用戶正常的瀏覽。所以我決定在CDN上做個緩存。
OVH gives you a /128 block by default. But in fact you can use the whole /64. You can simply add a /64 address to eth0.
But if you activate IPv6 in docker and try to allocate an address in bridge network, you will find the address is not ping-able. The problem here is we should send a NDP notification to OVH router.
OVH的機器默認給的是/128,但是其實整個/64都是可以用的,如果添加到網卡上是可以雙向ping通的。
但是如果docker的bridge網絡分配了一個IPv6,卻無法ping通。喝了一瓶果汁之後我發現是因為沒有向(OVH的)路由器發鄰居發現協議包(NDP)。
Recently I found module list in Xposed become empty after I upgrade my Nexus5 to 6.0.1 (M4B30Z, Dec 2016). And all the modules are not activating. So I open logcat and see the following:
1 |
01-10 21:35:02.682 294 294 E Xposed : Cannot load any modules because /data/data/de.robv.android.xposed.installer/conf/modules.list was not found |
Rovo89 said on a xda post that this file should be created if any module is activated. But somehow it didn’t do so on my Nexus5. So I create one myself and set correct permission (0644) and uid (you can run the Xposed Installer app and check the uid through ps |grep xposed). Then I reboot and check logcat again:
1 2 |
01-10 21:29:39.485 295 295 E Xposed : Errors during Xposed initialization 01-10 21:29:39.485 295 295 E Xposed : java.io.IOException: Permission denied while reading /data/data/de.robv.android.xposed.installer/conf/modules.list |
Looks like it’s still not working.
Then I realise that Android started to set SELinux to enforce from Lollipop (5.0) so this should be the problem. (We can use dmesg|grep audit to check if the problem really related to SELinux. ) I compared a random file under /data/data to the file we just created:
1 2 3 4 |
root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/cache/repo_cache.db -rw-rw---- u0_a379 u0_a379 u:object_r:app_data_file:s0:c512,c768 repo_cache.db root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/conf/modules.list -rw------- root root u:object_r:app_data_file:s0 modules.list |
So all we need to do is to change this conf/modules.list to u:object_r:app_data_file:s0:c512,c768 as well
1 |
root@hammerhead:/ # restorecon /data/data/de.robv.android.xposed.installer/conf/modules.list |
restorecon is a applet shipped with toybox, we can also use chcon to manually set SELinux context.
升級Nexus5 到6.0.1 (M4B30Z, Dec 2016)之後,Xposed的模塊列表變成空的了,所有的模塊也都失效了。沒有xposed,怎麼種莊稼。於是我打開logcat看了一眼。
1 |
01-10 21:35:02.682 294 294 E Xposed : Cannot load any modules because /data/data/de.robv.android.xposed.installer/conf/modules.list was not found |
rovo89在xda的QA帖中說一般情況下這個文件會在啟用任意一個模塊後創建。然而現在它並沒有被創建。於是我去建了一個,然後chmod 644以及chown到應用到uid(可以通過啟動應用之後ps|grep xposed查看uid,形如u0_a??),重啟了一下,再瞄了一眼logcat。
1 2 |
01-10 21:29:39.485 295 295 E Xposed : Errors during Xposed initialization 01-10 21:29:39.485 295 295 E Xposed : java.io.IOException: Permission denied while reading /data/data/de.robv.android.xposed.installer/conf/modules.list |
好像哪裡不對
想起來Android從蘿莉棒開始SELinux就是enforce了,所以大概是這個問題。(我們可以通過dmesg|grep audit來查看被SELinux過濾的各種奇怪操作。)於是看了一下默認的文件context和我們剛創建的文件的context:
1 2 3 4 |
root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/cache/repo_cache.db -rw-rw---- u0_a379 u0_a379 u:object_r:app_data_file:s0:c512,c768 repo_cache.db root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/conf/modules.list -rw------- root root u:object_r:app_data_file:s0 modules.list |
那麼我們把這個conf/modules.list也改成u:object_r:app_data_file:s0:c512,c768這個context好了
1 |
root@hammerhead:/ # restorecon /data/data/de.robv.android.xposed.installer/conf/modules.list |
restorecon是toybox中帶的一個applet,我們也可以用chcon來手動更改context。